如何为Azure AD上托管的WebAPI生成令牌?

时间:2018-09-28 10:29:58

标签: api asp.net-web-api asp.net-web-api2 azure-active-directory

我有一个在Azure AD中托管的api。

我在Startup.cs内有以下代码

 public partial class Startup
    {
        private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static readonly string AadInstnace = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static readonly string TenantId = ConfigurationManager.AppSettings["ida:TenantId"];
        private static readonly string PostLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
        private static readonly string Authority = AadInstnace + TenantId;

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                Authority = Authority,
                PostLogoutRedirectUri = PostLogoutRedirectUri
            });
        }
    }

我在这里看不到任何回发令牌生成代码:(

如何获取可用于从控制台应用程序调用此webapi的令牌?

1 个答案:

答案 0 :(得分:1)

看看nuget包-Microsoft.IdentityModel.Clients.ActiveDirectory(https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory

然后,您可以使用代码

生成访问令牌。 
var authority = "https://login.microsoftonline.com/your-aad-tenant-id/oauth2/token";
var context = new AuthenticationContext(authority);
var resource = "https://some-resource-you-want-access-to";

var clientCredentials = new ClientCredential(clientId, clientSecret);

var result = await context.AcquireTokenAsync(resource, clientCredentials);

您将需要为AAD clientId

创建秘密值。
相关问题
最新问题